Hi, Gentoo Hardened uses the GRSecurity and PaX patch sets on top of the mainstream linux kernel. I reported this to PaX as a workaround but tboot should definitely be fixed too because potentially a lot more might use PCID in the future.
If you want to test you can use an old version of the GRsecurity patch set. Booting with the "nopcid" option to linux will make it not touch pcid, and then if you remove nopcid, tboot will fail to shutdown. tboot is making a potentially invalid assumption about the state of processor. The safest is to disable it before disabling paging. Thanks, -- Jason On Thu, May 07, 2015 at 10:11:55PM +0000, Sun, Ning wrote: > Hi Zason, > > Thanks for your patch, may I ask if Gentoo use a generic Linux kernel? > Currently for mainstream Linux distributions we do not see the issue you > observed, can you please check from your OS to see if PCID is disabled before > disabling paging during the shutdown process. > Meanwhile we need some time to verify your patch to see if there is any side > effect... > > Thanks, > -ning > > -----Original Message----- > From: Jason Zaman [mailto:ja...@perfinion.com] > Sent: Thursday, May 07, 2015 8:51 AM > To: tboot-devel@lists.sourceforge.net > Subject: [tboot-devel] [PATCH] Disable PCID before paging during shutdown > > Disabling paging if PCID is enabled causes the machine to reboot since tboot > was not exited properly. This disables PCID just before disabling paging in > the shutdown handler in case it was not disabled by the OS first. > > Signed-off-by: Jason Zaman <ja...@perfinion.com> > ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel
